The CA=True value identifies the certificate as a CA certificate. The KryUsage =KeyCertSign value indicates that the certificate corresponding private key is permitted to sign certificates. see RFC 5280 section 4.2.1.9 basic Constraints.
Answer is A and B
A. The keyUsage extension must be set to keyCertSign.
B. The CA extension must be set to TRUE.
Reference and download study guide:
https://ebin.pub/fortinet-fortigate-security-study-guide-for-fortios-72.html
A & B
FortiGate_Security_7.2 page 232
Although it appears as though the user browser is connected to the web server, the browser is connected to
FortiGate. FortiGate is acting as a proxy web server. In order for FortiGate to act in these roles, its CA
certificate must have the basic constraints extension set to cA=True and the value of the keyUsage extension
set to keyCertSign.
Security page 323
its CA certificate must have the basic constrainst extension set to cA=True and the value of the keyUsage extension set to keyCertSing
Full SSL inspection - Certificate requirements:
FortiGate is acting as a proxy web server. In order for FortiGate to act in these roles, its CA certificate must have the basic constraints extension set to cA=True and the value of the keyUsage extension set to keyCertSign
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
itmaxuser
Highly Voted 1 year, 6 months agoViicon
Most Recent 3 months, 3 weeks agoSlash_JM
1 year, 3 months agoraydel92
1 year, 4 months ago[Removed]
1 year, 5 months agomcclane654
1 year, 6 months agoumairmasood
1 year, 6 months agoEggrolls
1 year, 6 months agoredSTORM
1 year, 8 months agoPaulGo
1 year, 9 months agoBoostBoris
1 year, 11 months agochromevandium11
2 years ago